const authDao = require("../dao/authDao");
const { verifyPassword } = require("../utils/hash");

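/**
 * Handle a login request: check the submitted credentials and reply with JSON.
 *
 * Every outcome is reported through the `code` field of the JSON body
 * (400 missing/invalid input, 401 unknown user, 402 wrong password, 200 ok);
 * this handler never sets the HTTP status itself.
 *
 * Errors thrown by the DAO or the hash helper are not caught here; they
 * reject the returned promise.
 *
 * NOTE(review): 401 and 402 (and their messages) tell an unauthenticated
 * caller whether a username exists. They are kept as-is because clients may
 * depend on the codes; consider returning one generic failure for both cases
 * and rate-limiting this endpoint.
 *
 * NOTE(review): the token returned on success is a fixed placeholder string,
 * not bound to the user and with no expiry. It must be replaced with a
 * signed, expiring token before anything relies on it for authorization.
 *
 * @param {object} req - Request; `req.body.username` and `req.body.password` are read.
 * @param {object} res - Response; only `res.json()` is called on it.
 * @returns {Promise<*>} Resolves once the JSON response has been issued.
 */
exports.login = async (req, res) => {
  // A missing body (e.g. no body parser ran) must yield the 400 reply,
  // not a TypeError from destructuring `undefined`.
  const { username, password } = req.body || {};

  // Accept only non-empty strings: a JSON body can carry objects or arrays,
  // which must not reach the DAO lookup or the hash helper.
  const isNonEmptyString = (value) =>
    typeof value === "string" && value.length > 0;
  if (!isNonEmptyString(username) || !isNonEmptyString(password)) {
    return res.json({ code: 400, message: "用户名或密码不能为空" });
  }

  const user = await authDao.getUserByUsername(username);
  if (!user) {
    return res.json({ code: 401, message: "用户不存在" });
  }

  // `await` is harmless if verifyPassword is synchronous. If it returns a
  // Promise, the un-awaited value would always be truthy and every password
  // would be accepted, so the result is awaited defensively.
  const valid = await verifyPassword(password, user.salt, user.password);
  if (!valid) {
    return res.json({ code: 402, message: "密码错误" });
  }

  res.json({ code: 200, token: "fake-jwt-token" });
};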

/**
 * Handle a logout request by replying with a fixed success payload.
 *
 * Nothing else happens here: the request is not inspected, and no token or
 * session is looked up or invalidated by this handler.
 * NOTE(review): if tokens are meant to stop working after logout, that
 * revocation has to be implemented; confirm whether it lives elsewhere.
 *
 * @param {object} req - Request (unused).
 * @param {object} res - Response; only `res.json()` is called on it.
 * @returns {Promise<void>}
 */
exports.logout = async (req, res) => {
  const payload = { code: 200, message: "已登出" };
  res.json(payload);
};
